business
the
of our
business
This section of The Rea Report is dedicated to providing you with more insight into the inner-workings of
Rea & Associates. To read past articles in this series, visit www.reacpa.com/business-of-our-business.
the world of data security, the hu-
man being will always be your com-
pany’s weakest link. That’s not a
slight on you or your employees, it’s fact. The
majority of people aren’t thinking about how
all this technology, which is supposed to make
our lives easier, can harm us or our customers.
Those of us in IT, on the other hand, think about
this day and night. Here at Rea, we’ve come up
with a few effective initiatives and solutions that
have helped keep our network safe from ongo-
ing cyber threats.
EMPLOYEE EDUCATION
Your employees are your first line of defense
against a cyberattack. If you don’t teach them
what to look for, they won’t bat an eyelash
upon receiving an obscure email from a mem-
ber of your leadership team that’s uncharac-
teristically full of spelling errors, was sent dur-
ing the middle of the night and asks them to
open an attachment or to send sensitive finan-
cial information.
Employee education is at the forefront of our
data security efforts, and we’ve launched sev-
eral initiatives designed to identify risks, raise
awareness and educate employees about the
dangers associated with the technology they
use every day.
One tactic we’ve used is to send simulated
phishing tests to track how many people, if any,
open them or attempt to download content.
This helps us identify risk areas, and helps
us determine where to focus our training ef-
forts. We also kicked off quarterly cyberse-
curity training sessions. These online classes
are offered by KnowBe4, and all employees
are required to participate. We also notify our
team about cybersecurity threats in real time
if an employee sends us an email to check
that we deem to be suspicious.
FIREWALLS, ANTIVIRUS
& TESTING – OH MY!
If you use the internet for any reason, you are
at risk, which is why it’s so important to have
the proper security measures. In addition to
firewalls, we’ve added two additional layers
of protection:
• Deep Packet Inspection, Secure Sock-
et Layer (DPI-SSL) allows the firewall to
conduct a deeper examination all web-
sites that cross its path for common mal-
ware sequences.
We’ve also taken a cutting-edge ap-
proach to our antivirus protection. Most
antivirus programs are “rules-based”
programs, which means they look at a
list of attributes to determine if a par-
ticular file is a threat. We use an anti-
virus that deploys a “behavior-based”
approach to identify and protect our
network. The program, Cylance ™ , looks
beyond attributes to evaluate the file’s
purpose and behavior.
MAKE CYBERSECURITY
A PRIORITY
While installing firewalls and antivirus
software continues to be an important
step, nothing is more vital than pro-
viding comprehensive and ongoing
training to your employees. If you
haven’t already identified a strategy to
arm your front line with the education
they need to stop malicious activity in
its tracks, start today.
• ATP Capture evaluates anything down-
loaded from the internet for dangerous
material. Each file is first checked against
a registry of files that have been inspected
before. If the file is listed on the registry,
then the download continues. If it’s not,
the program loads and evaluates the file
before releasing it.
We have many great cybersecurity resources on our website. Listen to episode 149 of Rea’s podcast,
unsuitable on Rea Radio, to hear from Mike Moran, co-founder and president of Affiliated, an IT implementation
and professional services firm, to find out where the “smart guys” are investing their IT security dollars.
www.reacpa.com/episode-149
9